Security at RunIta1
Small business owners trust RunIta1 with their phone line, email inbox, and customer data. We take that seriously.
Bank-Level Encryption
All stored credentials — email tokens, API keys, integrations — are encrypted using AES-256-GCM before being saved to the database. This is the same standard used by financial institutions.
HTTPS Everywhere
All data in transit is protected by TLS. Every connection — from your browser to our servers, from our servers to third-party services — uses HTTPS. No exceptions.
OAuth — We Never See Your Password
When you connect your Gmail or Outlook, we use OAuth 2.0. RunIta1 never sees or stores your email password. We request only the minimum permissions needed: read and send.
SOC 2-Aligned Practices
RunIta1 follows SOC 2 security practices including access controls, audit logging, and incident response — even before formal certification.
Complete Data Isolation
Each client's data is completely separate. Row-level security is enforced at the database level — it is technically impossible for one client to access another's data.
Call Recording Disclosure
Every call handled by RunIta1 begins with: "This call may be recorded for quality purposes." Clients can disable recording in their settings.
12-Month Data Retention
Call logs, email logs, and appointment records are retained for 12 months then automatically deleted. You can request immediate deletion at any time.
Uptime Monitoring & Incident Response
RunIta1 is monitored 24/7. If anything goes down, we are alerted within 5 minutes and working on a fix. Jordan is notified immediately for any service disruption.
Security Concerns?
If you discover a security issue or have a concern, contact us immediately at security@runita1.com. We take all reports seriously and respond within 24 hours.